omniedgeio / omniedge

Bringing intranet on the internet with Zero-Config Mesh VPNs.
https://omniedge.io
GNU General Public License v3.0

Exit Node capability #6

Open mrbluecoat opened 2 years ago

mrbluecoat commented 2 years ago

Does OmniEdge have Exit Node capability? (route all network traffic destined for the public Internet through a specific node)

https://omniedge.io/docs/article/architecture mentions "Forward TCP and UDP traffic over the virtual network, either directly or indirectly. Provide local DNS resolution for proxied requests." So I'm hoping this is possible.

yongqianme commented 2 years ago

Yes. It is possible to make OmniEdge the exit node. It needs some route rules on the devices. One node will be used as the exit node (server) and forward traffic for the other nodes.

In order to enable the exit node, there are two main pieces of work for each client:

  1. Enable routing, packet forwarding, and IP masquerading on the exit node
  2. Set the route rules on the other clients to use the exit node

yongqianme commented 2 years ago

Basically you can compile the clients to have the EXIT function according to the n2n doc:

https://github.com/ntop/n2n/blob/dev/doc/Routing.md

yongqianme commented 2 years ago

Will add the exit node feature to the CLI and make it automatic.

https://github.com/omniedgeio/omniedge-cli/issues/16

mrbluecoat commented 2 years ago

That's great news!

yongqianme commented 2 years ago

The EXIT NODE feature has been added in the branch: https://github.com/omniedgeio/omniedge-cli/tree/feature-ivy, you can compile it and have a try. We are still modifying it to make it work better.

How to compile: https://github.com/omniedgeio/omniedge#compile

Here is how:

On the exit node side

  1. Add -r to the join command (sudo omniedge join -r) on the device (cloud instance) you want to set as the EXIT NODE
  2. Enable packet forwarding: sudo sysctl -w net.ipv4.ip_forward=1
  3. Enable IP masquerading: sudo iptables -t nat -A POSTROUTING -j MASQUERADE

On the client side

Linux (works)

  1. Prepare

```sh
EXIT_NODE_IP="100.100.100.1"
CUSTOMIZE_SUPERNODE_IP="11.22.33.44"
DNS_SERVER="8.8.8.8"
CURRENT_GW=$(ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }')
```

  2. Set

```sh
cp /etc/resolv.conf /etc/resolv.conf.my_bak
echo "nameserver $DNS_SERVER" > /etc/resolv.conf
ip route add "$CUSTOMIZE_SUPERNODE_IP" via "$CURRENT_GW"
ip route del default
ip route add default via "$EXIT_NODE_IP"
```

  3. Restore

```sh
ip route del default
ip route del "$CUSTOMIZE_SUPERNODE_IP" via "$CURRENT_GW"
ip route add default via "$CURRENT_GW"
mv /etc/resolv.conf.my_bak /etc/resolv.conf
```

Windows (Waiting for test)

```powershell
# PowerShell, run as Administrator

# Prepare
$EXIT_NODE_IP = "100.100.100.1"            # Get from api
$CUSTOMIZE_SUPERNODE_IP = "11.22.33.44"    # Get from api
$DNS_SERVER = "8.8.8.8"                    # Get from api
# Current default gateway: next hop of the 0.0.0.0/0 route
$CURRENT_GW = (Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Select-Object -First 1).NextHop

# Set: keep the supernode reachable via the old gateway (host route, /32),
# then replace the default route (mask 0.0.0.0) with the exit node
route ADD $CUSTOMIZE_SUPERNODE_IP MASK 255.255.255.255 $CURRENT_GW
route DELETE 0.0.0.0 MASK 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 $EXIT_NODE_IP

# Restore
route DELETE $CUSTOMIZE_SUPERNODE_IP
route DELETE 0.0.0.0 MASK 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 $CURRENT_GW
```

macOS (Waiting for test)

```sh
# Prepare
EXIT_NODE_IP="100.100.100.1"            # Get from api
CUSTOMIZE_SUPERNODE_IP="11.22.33.44"    # Get from api
DNS_SERVER="8.8.8.8"                    # Get from api
# macOS has no `ip`; read the current default gateway from `route get`
CURRENT_GW=$(route -n get default | awk '/gateway:/ { print $2 }')

# Set: host route for the supernode via the old gateway, then swap the default route
sudo route -n add -host "$CUSTOMIZE_SUPERNODE_IP" "$CURRENT_GW"
sudo route -n delete default
sudo route -n add default "$EXIT_NODE_IP"

# Restore
sudo route -n delete -host "$CUSTOMIZE_SUPERNODE_IP"
sudo route -n delete default
sudo route -n add default "$CURRENT_GW"
```

Android

TBD

iOS

TBD
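
The two pieces of work described in this thread (forwarding plus masquerading on the exit node, and a gateway lookup on each client) can be scripted with tighter scoping than a bare `iptables -t nat -A POSTROUTING -j MASQUERADE`, which masquerades every forwarded packet whatever interface it arrived on. The POSIX shell helper below is an added example, not code from OmniEdge or from anyone in this issue. It assumes the VPN interface is named tun0, the uplink is eth0 and the virtual network is 100.100.100.0/24 (the thread only gives the exit node address 100.100.100.1); the `ip route get` line it parses is a constructed sample.

```shell
#!/bin/sh
# Added example (not OmniEdge's code). Assumed names: tun0 = VPN interface,
# eth0 = uplink, 100.100.100.0/24 = virtual network. Run the apply mode as root.
set -eu

# Constructed sample of what `ip route get 8.8.8.8 | head -n1` prints on a
# client that reaches the internet through 192.168.1.1.
SAMPLE_ROUTE_LINE="8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 1000"

# Print the next hop found in one line of `ip route get` output.
# Prints nothing when there is no "via" (directly connected destination);
# the one-liner awk '{ print $3 }' would return the device name there.
gateway_from_route_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }'
}

# Print the exit node rules. Only packets arriving on the VPN interface from
# the virtual network are forwarded out the uplink and masqueraded; replies
# come back through conntrack; any other forwarding is dropped by policy.
exit_node_rules() {
    vpn_if=$1
    wan_if=$2
    vpn_cidr=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $vpn_cidr -o $wan_if -j MASQUERADE
iptables -A FORWARD -i $vpn_if -s $vpn_cidr -o $wan_if -j ACCEPT
iptables -A FORWARD -i $wan_if -o $vpn_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Number of commands the generator emits (lets the rule set be checked without root).
exit_node_rule_count() {
    exit_node_rules "$@" | wc -l | tr -d ' '
}

# Usage:
#   sh exit-node.sh show  tun0 eth0 100.100.100.0/24   # print the rules
#   sh exit-node.sh apply tun0 eth0 100.100.100.0/24   # run them (as root)
#   sh exit-node.sh                                     # parse the sample route line
case "${1:-}" in
    show)  shift; exit_node_rules "$@" ;;
    apply) shift; exit_node_rules "$@" | sh -ex ;;
    *)     echo "sample gateway: $(gateway_from_route_line "$SAMPLE_ROUTE_LINE")" ;;
esac
```

The rules are appended to whatever FORWARD and nat chains already exist, so on a host that already runs a firewall the `show` output is meant to be read and merged rather than applied blindly; `iptables -P FORWARD DROP` sets the chain policy, so anything not matched by the two ACCEPT rules is refused instead of relayed. On the client side, `gateway_from_route_line` is a drop-in for the `awk '{ print $3 }'` step of the Linux procedure and returns an empty string, instead of a device name, when the machine has no next hop to record.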

mrbluecoat commented 2 years ago

Awesome, will do!

mrbluecoat commented 2 years ago

I was able to test it out and it works as intended but I was hoping for more of a client zero-configuration option. In this solution, the routing works because you're telling each client the default route to use. I was hoping you could define the routing at the server/cloud UI level. Or, if that isn't possible, perhaps limit the client configuration to specifying the exit node IP like Step 3 of https://tailscale.com/kb/1103/exit-nodes/

I'm also mostly interested in the mobile app use case for exit nodes. I'd like to route the mobile data through a Linux exit node.

P.S. you'll want to add autoconf to your list of prerequisites on https://github.com/omniedgeio/omniedge#build-for-ubuntu-1804-2004-2204debian-10-11

yongqianme commented 2 years ago

Thanks for the testing. Yes, we have plans to add it in the dashboard, and make it work with zero-config.

And thanks for pointing out the missing autoconf; we just updated the compile steps for Ubuntu/Debian.

mrbluecoat commented 2 years ago

Excellent, looking forward to it. By the way, your bandwidth speeds (thanks to n2n) are much higher than Tailscale or ZeroTier. <3

mrbluecoat commented 1 year ago

It would also be ideal to pair exit node capability with always-on VPN on the client. If you configured the mobile app to support MDM configuration like https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment OmniEdge would be great for my use case.

mrbluecoat commented 1 year ago

ping

yongqianme commented 1 year ago

> ping

It will take longer than I expected to release this feature. The barrier is not the technology but the regulation.

mrbluecoat commented 1 year ago

Interesting. Any specific regulation or just general privacy concerns? Companies routinely monitor device behavior. Perhaps a label in the app noting the mode is enabled?

yongqianme commented 1 year ago

OmniEdge is a C-Corp in Delaware, US, but the owner is a Chinese citizen who will travel frequently to China for other business. A VPN service with an exit node function needs a license. It's funny but true.

There is a way to fix this: OmniEdge opens a Chinese branch and applies for the VPN license, or the owner keeps staying outside of China.

mrbluecoat commented 1 year ago

I see. Thanks for that background. Would you be able to create a code branch with the exit node functionality so I can locally build and test and if/when the regulation is resolved the tech piece will be done?

Yong-OmniEdge commented 1 year ago

I am sorry that we can not do it at the moment.

mrbluecoat commented 1 year ago

No worries, thanks for trying 🙂